cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
mgorman
Contributor II

Questions on FIPS

For those that have dealt with a lot of government work here in the US (and Canada), do you have any good references on what requires full FIPS 140-2 certification, including an operating environment, and what only requires a FIPS validated crypto module?  I've been trying to read through various regulations, FedRAMP, CMMC, and CJIS as examples, and I'm just not sure. It seems like it would be impossible for every combination of OS and hardware in use to be fully validated for some of the solutions, especially around things like CJIS, where basically every law enforcement agency in the country is involved.

0 Replies